Search squid archive

Re: Squid with auth NTLM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Squid -v:

Squid Cache: Version 3.0.STABLE1
configure options:  '-prefix=/usr/local/squid'
'-exec-prefix=/usr/local/squid' '-enable-delay-pools'
'-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
'-enable-truncate' '-enable-removal-policies'
'--enable-follow-x-forwarded-for' '--enable-ssl'
'--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user,ldap_group'
'--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
'--enable-err-languages=Spanish'
'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'

2007/12/18, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> Whats your "squid -v"
>
> ________________________________
>
> From: Leandro Ferrrari [mailto:talsoft@xxxxxxxxx]
> Sent: Tue 12/18/2007 5:43 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Squid with auth NTLM
>
>
>
> Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:
>
> krb5.conf:
> ...
> [libdefaults]
>  default_realm = NEXTIT.LOCAL
>  dns_lookup_realm = yes
>  dns_lookup_kdc = yes
>
> [realms]
>  NEXTIT.LOCAL = {
>   kdc = vm-ws2003.nextit.local:88
>   admin_server = vm-ws2003.nextit.local:749
>   default_domain = NEXTIT
>  }
>
> [domain_realm]
>  .nextit.local = NEXTIT.LOCAL
>  nextit.local = NEXTIT.LOCAL
> ...
>
> SMB.conf:
>
> [global]
> workgroup = NEXTIT
> server string = Samba Server
> password server = NameOfServer
> encrypt passwords = yes
>  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>  realm = NEXTIT.LOCAL
>    idmap uid = 10000-20000
>    idmap gid = 10000-20000
>    template shell = /bin/false
>    winbind enum users = yes
>    winbind enum groups = yes
>    winbind use default domain = yes
>    client ntlmv2 auth = yes
>
>
> Server Windows Active Directory is Windows 2003 Server
> Client Windows  is Windows XP
>
> Sincerely
> Leandro Ferrari
>
>
>
>
> 2007/12/17, Nick Duda <nduda@xxxxxxxxxxxxxx>:
> > Have you joined your box to the domain? What is your krb5.conf file? What is your smb.conf file? What is the status of something like wbinfo -g or -u ?
> >
> > I would troubleshoot your domain connectivity before you worry about squid.
> >
> >
> > -----Original Message-----
> > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > Sent: Mon 12/17/2007 7:33 PM
> > To: Leandro Ferrrari
> > Cc: squid-users@xxxxxxxxxxxxxxx
> > Subject: Re:  Squid with auth NTLM
> >
> > > I have configured squid 3.0 with NTLM, and this configuration in
> > > squid.conf is:
> > >
> > > auth_param ntlm program /usr/local/bin/ntlm_auth
> > > --helper-protocol=squid-2.5-ntlmssp
> > > auth_param ntlm children 30
> > > auth_param ntlm max_challenge_lifetime 2 minutes
> > >
> > > auth_param basic program /usr/local/bin/ntlm_auth
> > > --helper-protocol=squid-2.5-basic
> > > auth_param basic children 5
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > >
> > > When a test the ntlm auth, in the Explorer client with a user
> > > authenticate in Domain Controller Windows 2003, the explorer or
> > > firefox show popup of the basic auth.
> > > How to use the ntlm auth with an user of the domain group without auth
> > > basic?
> >
> > Remove the basic configuration to not use it.
> > You NTLM is broken by the sound of it if its always falling back on basic.
> > Although the login box does not necessarily mean basic is being used. It
> > could just be that the browser has no working credentials for the user to
> > login NTLM with.
> >
> >
> > Amos
> >
> >
> >
>
>
>

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux